[p4] P4 reopen with security level 3
Jeff A. Bowles
jab at pobox.com
Mon Mar 10 19:02:34 PDT 2008
I would make sure that the field named "Host:" is set to a non-empty
value in the workspace, which prevents someone from using their
machine to masquerade as your workspace's machine. (It is the default
for new workspaces - default is that it's filled in with the machine
name of the creating machine.)
If this is much of a problem, I'd consider putting a bit of
restriction on workspace spec changes (triggers that insist on
Hostname set or perhaps something more elaborate) and changes to the
Host: field, or perhaps I'd buy the coworker's kid a toy drum for his
next birthday.
-Jeff Bowles
Perforce Consulting Partner / Certified Trainer
On Mar 10, 2008, at 3:46 PM, Looney, James B (N-ULA) wrote:
> I haven't completely checked this out, but it got my attention when
> one
> of my coworkers 'stole' a file from me. He used p4 reopen, and it was
> reopened in his name. Am I missing something in believing that with
> security in place (level 3), that this should not be allowed to
> happen?
>
> To make sure the question's clear:
> user1: p4 edit file.cpp
> file.cpp - opened for edit
>
> user2: p4 opened
> file.cpp edit default change (text) by jlooney at clientName
> user2: p4 reopen file.cpp
> user2: p4 opened
> file.cpp - edit default change
>
> It seems to me as though this violates part of why we have to login as
> individual users. Unless this has something to do with user1 and
> user2
> being in the same group or having access to the same files?
>
> Thanks,
> -James
> _______________________________________________
> perforce-user mailing list - perforce-user at perforce.com
> http://maillist.perforce.com/mailman/listinfo/perforce-user
More information about the perforce-user
mailing list